
AWARDS ROUND-UP


The CISO 50 & Future Security Awards 2021, organised by CPI, recognised accomplishments in the regional IT security landscape. The awards, held at the Habtoor Grand Hotel in Dubai in September, celebrated CISOs and industry visionaries who show uncompromising dedication to creating a cyber-secure world, even in challenging market conditions. In particular, they celebrated the role of the CISO, the CIO and other security decision makers as they lead the way in bolstering cybersecurity, thinking outside the box, stepping up and helping businesses navigate the challenges brought on by the new normal. We bring you the full list of winners across all categories.

CISO 50 winners:

Aliasgar Bohari – Zulekha Hospital
Hani Bani Amer – ENOC
Harsh Daftary – Emirates NBD Bank PJSC
Nico Putter – Lamprell Energy
Binoy Balakrishnan – AW Rostamani Group
Shah E Room Khan – Emirates College of Technology
Mohannad Hennawi – NAFFCO
Nithin Geo Thomas – Amity Education Middle East
Eric Gayet – Majid Al Futtaim Properties
Mustansir Aziz – Gulf Diagnostic Center Hospital
Mohamed Sabah Al Khalaf – Dubai Holding LLC
Manan Shah – Avalance Global Solutions
Shijin Prasad R.S. – Cure Medical Centers
Rajesh Sivarajan – Geodis Freight Forwarding LLC
Irshad Mohammed – VPS Healthcare
Prashant Nair – Network International
Hadi Anwar – Group 42
Mohammed Shuaib – Smart Umm Al Quwain
Mahmoud Yassin – United Arab Bank
Jean-Michel Briffaut – Keolis - MHI
Yousef AlShaer – Dubai Digital Authority
Shaik Sabir – Department of Finance – Dubai
Vivek Gupta – GEMS Education
Anoop Paudval – Gulf News, Al Nisr Publishing
Mohamad Mahjoub – Enova Facilities Management Services Middle East
Asma Omar Mohammed Muallemi – Dubai Municipality
Rahul Mishra – RAK Bank
Hind Ali Alloghani – Abu Dhabi Monitoring and Controlling Centre
Abdulla Bader Al Sayari – Department of Health
Khaldoon Bargouthi – Mohamed Yousuf Naghi & Brothers Group
Abdul Rahman – Omantel
Velmurugan S – Emaar
Ali Al Ameri – Abu Dhabi Retirement Pensions and Benefits Fund (ADRPBF)
Abdulla Almarzooqi – Dubai Police
Khalid Othman Binahmad – STC Solutions, KSA
Hamad Al Balushi – Ajman Digital Government
Mohamed Abdulwahed Alajmani – Sharjah Customs
Hossam Abbas Barakat – Egypt Gas
Emad Maisari – Mubadala Investment Company
Shishir Deshpande – Alec
Hisham Mohamed Ali Ibrahim – Emirates NBD - Egypt
Abdul Rahman Shelleh – Al Dhafrah Region Municipality
Soney Paul Bahanan – NMC Healthcare Ltd.

Future Security Awards winners:

Best Network Security Vendor – Fortinet
Best AI Security Vendor – Hikvision
Best Managed Cloud Provider – Rackspace Technology
Best SMB Endpoint Security Vendor – ESET Middle East
Security Analytics Platform of the Year – LinkShadow
Best 5G Security Vendor – Huawei Middle East
Best Data Protection Vendor – Seclore
Best Managed Detection and Response Service Provider – Help AG
Best Endpoint Security Vendor – Sophos
Best Encryption Vendor – Raqmiyat
Best Smart Home Security Vendor – Ring
Best Email Security Vendor – Mimecast
Best Security VAD – Starlink
Best Managed Security Services Provider – Help AG
Best Security Consulting Services Partner – Protiviti
Best Cloud Networking Vendor – D-Link
Best Cloud Security Vendor – Micro Focus
Best Digitalisation & Cybersecurity Provider – Infobip
Emerging Security Vendor of the Year – Virsec

A PANEL DISCUSSION ON LEADERSHIP & THE CHANGING SECURITY DIALOGUE WAS HELD AS PART OF THE CISO 50 & FUTURE SECURITY AWARDS HOSTED BY CPI LAST MONTH. WE BRING YOU A REPORT.

Four of the leading security decision makers in the region got together to debate the changing role of security leadership in the context of a rapidly evolving threat and security landscape. Moderated by Anita Joseph, editor, Security Middle East & Reseller Middle East, the discussion brought together Mohamed Kamel, customer success manager at Seclore Middle East, Ahmed Diab, senior sales director at StarLink, Ranjan Sinha, managing director at Protiviti and Nicolai Solling, CTO at Help AG, to explore the expanding role of CISOs and CIOs within an increasingly complicated cybersecurity landscape. 2021 can be called the Year of Transformation. It is the year in which companies, both large and small, have accelerated their digital transformation journey in order to ensure continuity of business operations and stay relevant for customers. IT teams and their leaders are being faced with a sudden deluge of demands to execute the impossible in a short period of time.

As a result, the conversation around security is front and center. So much so that it’s become top priority for business leaders as the world prepares to recover from the damages of 2020. This puts the Chief Information Security Officer (CISO) and other security professionals in the hot seat at every conversation — from the weekly IT department stand-up to the quarterly board meetings.

Introducing the transformational CISO/security professional: the leader who takes charge of an IT-focused organisation through a time of transformation. So, what are the challenges that today’s CISO/security leaders face? How can they lead from the front and ensure that security is top priority while implementing new technology? Above all, how can they ensure that the actions of today can bring about a safe and cyber threat-free world tomorrow? These questions formed the crux of the panel discussion.

All the panelists agreed that the role of the new-age CISO and other security decision makers brings with it its own challenges and pain points. “The new technologies that are coming into the picture, like IoT, blockchain and cloud, are putting increased pressure on the role of the CISOs and CIOs,” said Mohamed Kamel. “However, in my opinion, I still believe that human error and lack of awareness of cybersecurity risks is the main challenge for any decision maker/CISO,” he added.

According to Ahmed Diab, “the main challenge lies internally within an organisation, where the other departments and functions fail to understand the role of the CISO and how early on CISOs should be engaged with the business plan and goals, as enablers rather than as inhibitors to the growth of the company. Many a time, CISOs are being branded as inhibitors where they actually can be enablers, and this is a huge cultural change that may be required.”

Nicolai Solling was of the opinion that while cyber attackers are becoming better and better at what they do, more persistent and well-funded, CISOs are being asked to do more with less, which creates a conflict between the two. “Also, with attackers being as professional as they are today, we have to look back and review whether we are actually able to deliver those services internally in our organisations. We’re also getting to a space where CISOs will have to start thinking about what is appropriate to handle internally within their organisation and what should they rely on partners to do, so that we can let the professionals defend against the professionals.”

Ranjan Sinha said the main challenge faced by CISOs today was to “act as […] the company. The budgets and the cost reductions that CISOs may face, especially post the pandemic, as well as the talent gap that currently exists, are the other challenges that decision makers face.”

The panelists also said there should be a bigger role for CISOs in business planning and business strategy, and that security has to be the underlying pillar of all the infrastructure and resilience frameworks that organisations create, in order to ensure a safer and more secure world tomorrow. The discussion came to a close with the realisation that while the challenges facing CISOs are real and demanding, the right kind of leadership, futuristic and forward-thinking, will help overcome these problems as we step into a new, “all-digital” era.


LOOKING BEYOND DATA CLASSIFICATION

A ROUNDTABLE HOSTED BY CPI MEDIA GROUP AND SECLORE DISCUSSED WAYS TO NAVIGATE THE DLP/CLASSIFICATION/DRM/ENCRYPTION LANDSCAPE FOR GREATER COMPLIANCE AND SECURITY.

Data protection is quickly becoming an impossible goal as the number of collaboration applications, devices, networks and cloud services in use grows constantly. Data-centric security technologies such as DLP, encryption and classification have been around for some time, but they have taken a lot of time and resources to deploy.

The roundtable brought together industry experts Eric Gayet, head of information security functions at Majid Al Futtaim Global Solutions; Harsh Daftary, lead security architect at Emirates NBD; Darko Mihajlovski, information & cybersecurity consultant at Deem Finance; Ismail Jani, manager, Information Security at Engineering Office; and Shaik Sabir, head of unit, information technology section, Department of Finance, to debate the pros and cons of data-centric security technologies and also explore how automation is changing the landscape in data-centric security deployments.

The session was moderated by Vishal Gupta, CEO of Seclore, an IIT Bombay (Electrical Engineering) graduate and a specialist in biometric security systems. Seclore is the leading player in the data-centric security platform space and Vishal has led the company from founding to presently having 2,000+ enterprise customers in more than 29 countries. Vishal is also an active participant in physics activities and is an active sports person, a keen blogger on information security solutions and an intrepid speaker at various information security forums.

The main question driving the debate was whether the data-centric security technologies have actually delivered on their promise and, if not, what are some of the biggest challenges in this value delivery process?

Eric Gayet stressed the need to revamp the process side of organisations and enhance awareness among people. “From my perspective, yes, technologies have delivered on the promise, not only to support the security strategy and agenda we all have for the organisation, but also to tackle the multiple compliance requirements that we need to align and be compliant with. In terms of the challenges, there is a basic principle that we will all agree with: people, process and technology. I will say technologies are quite mature today; however, in most of the organisations, the process side, the awareness and understanding among people of the risk, the objectives and the reason for doing what we do, is still an area where we have a lot on the plate, lots to do.”

According to Harsh Daftary, sometimes the products themselves are faulty. “If you look at the satisfaction score, out of 100, we are sometimes only 60 percent satisfied with a product and we’ve shifted between products mid-way. We’ve discovered that classification & DLP do not fit each other because there is no unified labelling between the two, and for this, we had to bring in a separate plugin. The kind of engineering we’ve had to do was crazy. In fact, it was not only about the quality, the products themselves have security holes in them.”

Darko Mihajlovski said it was not just about the maturity of the organisation or the awareness of its people, but also the fact that sometimes, being too professional about cybersecurity can get too noisy for organisations and they don’t want to accept that. “So, education and awareness among all the ranks of the organisation, but also, whenever you want to initiate data classification, it should come from the top and the CISOs should take over,” he pointed out.

For Ismail Jani, a major aspect of all of this centred around bringing a cultural change within an organisation. “This can be achieved only when you interact with every department, every business line, and consider everyone a stakeholder. Also, with security teams, we’ll have to get a buy-in from everybody, include all business processes and business rules in your classification, and have a simple classification system like 1, 2, 3 and 4 where most of the classifications can fit and people can identify easily.”

Vishal said the biggest challenge is all about end-user involvement and that all organisations must keep the final objective of data protection in mind. “The discovery of data or the classification of data are just means to an end. Data protection initiatives work best when they keep the final objective of protecting data as the goal, and neither discovery nor classification are helping to achieve that end objective. The challenge is also that these data discovery and classification projects never come to an end: you have to go on and on, and the actual step of data protection never happens. Enterprises have so much data, so many people, that these projects never end.”

Vishal also emphasised the need to look past data discovery and data classification as the final goal. “There is an emerging class of technologies that are data protection platforms. What these platforms do is that they effectively integrate information coming in from the discovery systems, the DLP systems, the classification systems, a rights management or an encryption system. Then you have a step after this, which is data-centric monitoring. You don’t only want to protect, you also want to monitor what happens to the data after you’ve protected it. These data-centric security platforms are unifying platforms that take care of all the different challenges. All of the uncertainties get abstracted out. We need to make sure that in our data protection journey, we keep the final objective in mind and don’t treat data discovery and classification as the final goal, because it is not.”

The panelists agreed that while there are many pain points, the ultimate goal of protecting data is what all organisations need to keep in mind. To do that effectively, organisations need to look at the automation frameworks that can analyse a piece of data, work out the policy that should govern it and then apply that policy directly, so that the whole cumbersome discovery-and-classification process can, in many cases, be bypassed completely.

INDUSTRIAL CYBERSECURITY: HOW TO PROTECT YOUR ASSETS IN THE DIGITAL TRANSFORMATION AGE

AS THE INDUSTRIAL WORLD BECOMES EVER MORE CONNECTED AND COMPLEX, THE NEED TO EMBED PERVASIVE CYBERSECURITY POLICIES IS PARAMOUNT, SAYS TIM GRIEVESON, CHIEF INFORMATION SECURITY OFFICER, AVEVA.

In an age of rapid digitisation and always-on connectivity, the industrial landscape has never been more ready for transformation. Post-pandemic, companies have learned radical lessons about how to run and optimise systems in unpredictable operational times. As such, global organisations have been compelled to take decisive action by putting technology at the very heart of their business processes. Cybersecurity is a key differentiator in ensuring these operations are secure and resilient.

With the rapid and significant need to enable remote work and team collaboration, software solutions like Cloud, Edge and IoT can pave the way for improved business performance and procedures. But with great opportunities also come challenges. As such, more complex industry technology solutions demand a heightened focus on cybersecurity and securely enabling the work-from-anywhere culture.

Industrial risks

According to global cybersecurity analysts, industrial systems are still not yet sufficiently protected against the new and multi-faceted risks of digital transformation, despite being susceptible to increasing risks for many years. In order to be effective, company cybersecurity policies must proactively and holistically pervade the entire organisation. A balance should also be struck between mitigating risks and enabling new business initiatives. What’s more, it’s imperative that companies focus not only on training staff but also on selecting appropriate and best-of-breed technology partners who build security into the ecosystem of how they operate, as opposed to charging extra or having security as an add-on.

Key security considerations

Industrial businesses that embrace transformation and have a holistic view of cybersecurity are benefitting from diverse technology ecosystem development, including connected devices, edge control, apps, analytics and cloud services, which are enhancing business performance at an unprecedented pace.

It’s vital that your organisation’s approach to security is part of the organisational culture – using components that meet recognised standards and include encryption by default. Security must be integral to the design of any process or operation and fundamentally baked into the services that support the operation of your systems and business objectives.

Company checklist

The tsunami of risks focused on operational technology (OT) ranges from the exposure of intellectual property and lost production systems or data to serious fines and reputational loss. Cybersecurity is a multi-faceted discipline requiring a proactive approach across the business. For your business to be best prepared against threats, it’s important to consider the following elements:

People

Ensure you invest in your people by providing relevant and timely security training for staff, contractors and third parties, which not only supports your organisation’s objectives but can be used in personal digital lives too. It’s essential to engage all your employees as active cybersecurity ambassadors by educating them on identification and prioritisation, and on the changing security landscape, including the dangers of malware, phishing, unofficial USB devices and social media oversharing, so they can behave and act accordingly.

Network

It’s vital to maintain a unidirectional gateway between IT and OT systems, to run continuous vulnerability assessments, and to install anti-malware solutions on industrial endpoints as well as in your corporate and lab environments.

Partners

Select vendors that will partner with you to protect critical data and understand your security, legal principles and privacy policies. Determine where and how data will be collected, used and stored. Ensure partners include security as a core component of their service offering as opposed to an optional extra. Ensure they take shared responsibility for good cyber hygiene and are transparent on what they can and cannot do to support your business.

Processes

It’s important to build a culture of cross-department buy-in across management, IT, security and business operational teams for cybersecurity processes. In addition, develop your cybersecurity program for continual improvement, building in the findings from regular audits and vulnerability assessments so that risk is burned down systematically and capability improves.

Devices

Ensure you change your IoT device passwords from the factory default; extend your security and password policies to mobile devices; and conduct regular intrusion testing and anomaly detection on all devices. Never assume your devices are safe and always validate and include them in your security assessment strategy.

Vendor checklist

When considering your cybersecurity needs, choosing the right partner is crucial. Software vendors play a key part in your cyber defence strategy. When considering a cloud or IoT partner, here are some key questions to consider:

Physical security

Where are their cloud services physically deployed? Where will my data actually reside? Where and how will my data be captured, stored and used?

Data security

How is your information protected – at rest and in motion? Does your vendor support unidirectional data transfer? How does your supplier deal with network outages?

Application security

How do they handle authentication, authorisation and account management? What is their approach to identity and access management (IAM)? Are they using a recognised secure development framework? How do they identify and remediate known and unknown vulnerabilities?

Continuous monitoring and improvement

Do they have proactive monitoring and active security policies in place? Can they identify abnormal behavior and catch anomalous activity? What procedures are there to detect and isolate suspicious activity online? Do they use threat information derived from monitoring to continually improve security controls and techniques?

Security assessments

Do they have a proactive program of internal and external security audits? How do they deal with ongoing compliance with regulations such as GDPR? Do they have a published security statement that you can read? When vulnerabilities are detected, how do they disclose them and how promptly do they remediate?

Staff

How do they vet and train their staff? Do their staff hold relevant security certifications and experience, and do they share this information with you? Do they use third parties as part of service delivery, and how do they ensure those third parties comply with your security principles?

By including these basic cyber stages in your security strategy, you will take the first steps towards a complete protection strategy. In today’s world of ever more complex cyber threats, a comprehensive security strategy, covering all the basics, is no less than critical for protecting your digital and physical assets.


ACRONIS CYBER PROTECT HOME OFFICE: OFFERING COMPREHENSIVE DATA PROTECTION AND CYBERSECURITY

THE AWARD-WINNING PRODUCT (FORMERLY ACRONIS TRUE IMAGE) PROVIDES INDIVIDUALS WITH COMPREHENSIVE PROTECTION AGAINST ALL THREATS — FROM DISK FAILURES TO CYBERATTACKS.

Acronis, the global leader in cyber protection, has released the newly rebranded Acronis Cyber Protect Home Office (formerly Acronis True Image). This new name for the company’s flagship personal solution reflects its evolution from data and system backup software to a solution that delivers complete cyber protection: next-generation anti-malware, best-in-breed backup and easy management, in one integrated tool.

Cyber protection

The need for both effective data protection and cybersecurity has become dominant in daily life. Businesses rely on the continuous availability and integrity of their data, while individuals around the world send and receive large volumes of sensitive information over remote connections. Cybercriminals, in response, have stepped up the scale and complexity of their attacks — and with advances in the automation of these threats, no one is “too small to target.”

Recognising the evolving challenges of data protection, Acronis has been advancing its solutions since 2017 to meet the latest challenges. When ransomware threats began targeting file backups directly, the company became the first to integrate anti-ransomware defenses into a personal backup solution. In 2021, Acronis continued to expand its cybersecurity focus, adding capabilities that include threat-agnostic anti-malware, cryptojacking protection, and web filtering. The solution evolved from a backup one to a completely personal cyber protection solution, safeguarding not only backups but devices as well.

Acronis’ success with these efforts has not gone unnoticed, earning Editor’s Choice awards from both PCWorld and PCMag. PCWorld called it “an all-encompassing tragedy-prevention solution.” When evaluated by the independent security research lab AV-TEST, the integration of data backup and advanced cybersecurity detected and blocked 100% of the cyberattacks in that test.

Protection for everybody

Acronis Cyber Protect Home Office (formerly Acronis True Image) incorporates a number of capabilities to counter modern cyberthreats and ensure complete data protection. The unique integration of cybersecurity and backup into a single solution not only makes protection simpler and more affordable, but also delivers advanced capabilities that standalone solutions cannot, such as the automatic restoration of any data damaged during a ransomware attack.

Its advanced anti-malware is proven to detect and stop the latest cyberthreats in real-time, including zero-day attacks that have never been seen before. Protection is extended across popular software, including video conferencing applications like Zoom and Microsoft Teams, preventing attackers from accessing data in-transit.

“The past two years have changed the industry landscape for good, no user is too small to be targeted anymore,” said Candid Wuest, Acronis VP of Cyber Protection Research. “The unique quality of our corporate solutions is the integrated cyber protection – combining cybersecurity and backup is the only way to keep your critical data truly protected. Now we offer Acronis Cyber Protect Home Office – to protect every individual and home office, and keep the world going despite the challenges of the remote work and distributed IT infrastructure.”

To learn more about the cybersecurity and data protection capabilities that Acronis Cyber Protect Home Office enables for individuals such as home users, remote workers, freelancers, and at-home students, visit the official page.

About Acronis

Acronis unifies data protection and cybersecurity to deliver integrated, automated cyber protection that solves the safety, accessibility, privacy, authenticity, and security (SAPAS) challenges of the modern digital world. With flexible deployment models that fit the demands of service providers and IT professionals, Acronis provides superior cyber protection for data, applications, and systems with innovative next-generation antivirus, backup, disaster recovery, and endpoint protection management solutions. With award-winning AI-based antimalware and blockchain-based data authentication technologies, Acronis protects any environment — from cloud to hybrid to on-premises — at a low and predictable cost.

Founded in Singapore in 2003 and incorporated in Switzerland in 2008, Acronis now has more than 1,700 employees in 34 locations in 19 countries. Its solutions are trusted by more than 5.5 million home users and 500,000 companies, including 100% of the Fortune 1000, and top-tier professional sports teams. Acronis products are available through 50,000 partners and service providers in over 150 countries in more than 40 languages.

CYBERSECURITY CONTROLS TO STOP RANSOMWARE

RAYMOND POMPON, DIRECTOR OF F5 LABS, ON RANSOMWARE AND WHAT CAN BE DONE TO PREVENT IT.

F5 Labs’ 2021 Application Protection report shows that ransomware was a factor in about 30% of U.S. breaches in 2020. This trend is also playing out to varying degrees globally. When we look at the breach analyses, some of the most important controls were user account management, network segmentation, and data backup. The challenge is how to best implement them.

Ransomware defense no. 1: user account management

A significant percentage of attackers log into systems to hack them. They guess, steal and phish passwords. Indeed, historically speaking, passwords provide poor protection. Here’s how we can do better:

Enable multifactor authentication on everything you can

Best practices, and some compliance regulations, indicate the use of multifactor authentication (MFA) on all systems holding critical data. If you can’t apply MFA to everything, then prioritise. First, all administrative accounts should use MFA. As a major attack vector for ransomware, remote access is the next priority. Given all the critical data people leave in email and that most major email platforms support MFA, adding it to end-user email is the next priority.

Implement a robust password policy

Until you can get to 100% MFA for all access (hint: look for single sign-on tools to help here), we advise looking into the following measures (based on the NIST Digital Identity Guidelines):

· Make your password policies user-friendly.
· Regularly check passwords against a dictionary of default, stolen, and well-known passwords.
· Never use hints for password resets.
· Use long passwords.
· Avoid arbitrary password rotations.
· Lock or remove unnecessary credentials.

Limit administrative access

Strong account management means applying the principle of least privilege. The key priority is to limit administrative access. Unless you’re an IT shop of one person that works 24/7, divide the responsibilities by region, time zone, or system function. Another powerful technique is to separate the system administrator accounts from their day-to-day user accounts. Admins should use a non-privileged account for things like reading email, surfing the web, and accessing applications. Then, when they need to perform IT administration, they switch accounts or elevate their privileges. This way, if an admin accidentally clicks on a phishing email with ransomware, it won’t wipe out the entire network. Many of these restriction capabilities are configurable within most operating systems.

The same approach applies to service accounts. These are the often invisible accounts that are tied to running applications. These services are ripe for attacker takeover. Associated accounts should restrict rights to only those necessary to run the service. Web servers need rights to their own service and the file directories, not an entire box or the entire network. Using a generic full admin account as a service account is a disaster waiting to happen. Operating systems have some built-in functions to restrict these service accounts, disallowing human interactive logins and tying them only to the servers and services they are supposed to function on.

In some systems, you can restrict service account privilege domains as well. For example, you can set up a backup server to have read-only access to the main domain, so it can copy files for backup. Restores can be done under a different account or manually with a system administrator.


Monitor access

All user accounts should be logged for audit purposes in a way that prevents tampering. Attackers will try to erase their tracks, so your monitoring system should sound the alarm if it detects logs being deleted or they stop coming in. It’s also prudent to have the system automatically raise an alert when a system administrator account is created. This should be a rare enough event that false positives are manageable. It is also important to review general user accounts against personnel records to ensure only the right people continue to have access. Lastly, because of the prevalence of brute force and credential stuffing attacks, create alerts for large numbers of login failures.
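The monitoring rules in the paragraph above (alert when logs are cleared or stop arriving, when an administrator account is created, and on bursts of login failures, plus a review of accounts against personnel records), run over a constructed audit stream as an added example that is not F5 Labs' code. The JSON event schema, host names, users and addresses are this example's own, not any vendor's log format.

```python
"""Access-monitoring rules run over constructed audit records (added
example; not F5 Labs' code). Event names, hosts, users and addresses are
made up; the schema is this example's own rather than a vendor format."""
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

PRIVILEGED_GROUPS = {"Domain Admins", "Administrators", "sudo", "wheel"}
FAIL_THRESHOLD = 5                     # login failures from one source ...
FAIL_WINDOW = timedelta(minutes=5)     # ... inside this sliding window
SILENCE_LIMIT = timedelta(minutes=30)  # a host quiet this long is suspect

# Constructed sample: a credential-stuffing burst against vpn01, a new
# account that is immediately made Domain Admin, an audit log cleared on
# fs01 by that account, after which fs01 sends nothing more.
SAMPLE_LOG = """\
{"ts": "2021-09-01T09:00:00Z", "host": "dc01", "event": "login_success", "user": "alice", "src": "10.0.1.20"}
{"ts": "2021-09-01T09:01:00Z", "host": "vpn01", "event": "login_failure", "user": "bob", "src": "203.0.113.7"}
{"ts": "2021-09-01T09:01:10Z", "host": "vpn01", "event": "login_failure", "user": "carol", "src": "203.0.113.7"}
{"ts": "2021-09-01T09:01:20Z", "host": "vpn01", "event": "login_failure", "user": "dave", "src": "203.0.113.7"}
{"ts": "2021-09-01T09:01:30Z", "host": "vpn01", "event": "login_failure", "user": "erin", "src": "203.0.113.7"}
{"ts": "2021-09-01T09:01:40Z", "host": "vpn01", "event": "login_failure", "user": "frank", "src": "203.0.113.7"}
{"ts": "2021-09-01T09:05:00Z", "host": "dc01", "event": "account_created", "user": "svc-backup2", "actor": "alice"}
{"ts": "2021-09-01T09:05:05Z", "host": "dc01", "event": "group_member_added", "user": "svc-backup2", "group": "Domain Admins", "actor": "alice"}
{"ts": "2021-09-01T09:06:00Z", "host": "fs01", "event": "audit_log_cleared", "actor": "svc-backup2"}
{"ts": "2021-09-01T09:20:00Z", "host": "vpn01", "event": "login_success", "user": "bob", "src": "10.0.2.5"}
{"ts": "2021-09-01T09:25:00Z", "host": "dc01", "event": "login_success", "user": "alice", "src": "10.0.1.20"}
{"ts": "2021-09-01T09:40:00Z", "host": "vpn01", "event": "login_success", "user": "carol", "src": "10.0.2.9"}
{"ts": "2021-09-01T09:45:00Z", "host": "dc01", "event": "login_success", "user": "alice", "src": "10.0.1.20"}
"""


def _parse(line):
    rec = json.loads(line)
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return rec


def detect(log_text):
    """Return alerts as (rule, subject, time) tuples in the order they fire."""
    alerts = []
    failures = defaultdict(deque)   # src -> timestamps of recent failures
    reported_bursts = set()
    new_accounts = {}               # user -> actor who created it
    last_seen = {}                  # host -> timestamp of its last record

    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = _parse(line)
        ts, host, event = rec["ts"], rec["host"], rec["event"]
        when = ts.strftime("%H:%M:%S")

        # Rule: logs stopped coming in. Judged against the newest record from
        # any other host, so a silenced host stands out while the fleet reports.
        for other, seen in list(last_seen.items()):
            if other != host and ts - seen > SILENCE_LIMIT:
                alerts.append(("logs_stopped", other, when))
                del last_seen[other]
        last_seen[host] = ts

        if event == "login_failure":
            # Rule: brute force / credential stuffing, counted per source address.
            recent = failures[rec["src"]]
            recent.append(ts)
            while recent and ts - recent[0] > FAIL_WINDOW:
                recent.popleft()
            if len(recent) >= FAIL_THRESHOLD and rec["src"] not in reported_bursts:
                reported_bursts.add(rec["src"])
                alerts.append(("login_failure_burst", rec["src"], when))

        elif event == "account_created":
            new_accounts[rec["user"]] = rec["actor"]

        elif event == "group_member_added" and rec["group"] in PRIVILEGED_GROUPS:
            # Rule: an administrator account appears; rare enough to page on.
            subject = f"{rec['user']} -> {rec['group']} by {rec['actor']}"
            if rec["user"] in new_accounts:
                subject += " (newly created account)"
            alerts.append(("privileged_account_created", subject, when))

        elif event == "audit_log_cleared":
            # Rule: attackers erase their tracks; the deletion itself is the signal.
            alerts.append(("audit_log_cleared", f"{host} by {rec['actor']}", when))

    return alerts


def stale_accounts(account_names, hr_roster):
    """Accounts with no matching person in personnel records, for removal review."""
    return sorted(set(account_names) - set(hr_roster))


if __name__ == "__main__":
    for rule, subject, when in detect(SAMPLE_LOG):
        print(f"{when} {rule:27} {subject}")
    print("no HR record:", stale_accounts(["alice", "bob", "svc-backup2", "mallory"], ["alice", "bob"]))
```

The silence rule is the one most often left out: it needs a reference clock other than the silent host's own, which is why the check runs on every record from any host. Forward the log stream to a collector the administrator accounts cannot write to, or the "audit_log_cleared" event never reaches this code.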

Ransomware defense no. 2: network segmentation

Firewalls can limit infections to specific segments of users, systems, or levels of trust. Virtual LANs, which run on managed switches, can also be a useful fallback if internal firewalls are unfeasible. This is essentially least privilege at a network level.
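The "least privilege at a network level" idea in the paragraph above, modelled in code as an added example rather than any firewall's configuration syntax: a default-deny policy of zone-to-zone allow rules, evaluated against sample flows, with a lint that flags a management segment that could reach the Internet or admin ports exposed outside the management path. The zones, addresses and ports are constructed.

```python
"""Least-privilege network policy modelled in code (added example; not F5
Labs' code and not a firewall's syntax). Zones, addresses and ports are
constructed. Anything not explicitly allowed is denied."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List

ZONES = {
    "users":    [ipaddress.ip_network("10.10.0.0/16")],
    "servers":  [ipaddress.ip_network("10.20.0.0/24")],
    "backup":   [ipaddress.ip_network("10.30.0.0/24")],
    "mgmt":     [ipaddress.ip_network("10.99.0.0/24")],   # jump hosts, management servers
    "internet": [ipaddress.ip_network("0.0.0.0/0")],      # catch-all, matched last
}

ADMIN_PORTS = {22, 3389, 5985, 5986}   # SSH, RDP, WinRM


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    ports: FrozenSet[int]   # empty set means any port
    action: str = "allow"


# The allow-list. A flow that matches nothing below is dropped (default deny).
POLICY = [
    Rule("mgmt", "servers", frozenset({22, 5985})),   # admin path to managed hosts only
    Rule("users", "servers", frozenset({443})),       # applications over HTTPS
    Rule("backup", "servers", frozenset({445})),      # backup server reads file shares
    Rule("users", "internet", frozenset({80, 443})),  # web browsing
]


def zone_of(addr: str) -> str:
    """Most specific zone wins, so internal addresses never fall into 'internet'."""
    ip = ipaddress.ip_address(addr)
    by_specificity = sorted(ZONES.items(), key=lambda kv: -max(n.prefixlen for n in kv[1]))
    for name, nets in by_specificity:
        if any(ip in n for n in nets):
            return name
    return "unknown"


def evaluate(src: str, dst: str, port: int, policy: List[Rule] = POLICY) -> str:
    """First matching rule decides; no match means deny."""
    s, d = zone_of(src), zone_of(dst)
    for rule in policy:
        if rule.src == s and rule.dst == d and (not rule.ports or port in rule.ports):
            return rule.action
    return "deny"


def management_exposure(policy: List[Rule] = POLICY) -> List[str]:
    """Lint: the management segment must have no Internet reachability in
    either direction, and admin ports must only be open along the management path."""
    findings = []
    for rule in policy:
        if rule.action != "allow":
            continue
        if "mgmt" in (rule.src, rule.dst) and "internet" in (rule.src, rule.dst):
            findings.append(f"management segment has Internet reachability: {rule}")
        if "mgmt" not in (rule.src, rule.dst) and (not rule.ports or rule.ports & ADMIN_PORTS):
            findings.append(f"admin ports allowed outside the management path: {rule}")
    return findings


if __name__ == "__main__":
    flows = [("10.99.0.5", "10.20.0.10", 22), ("10.99.0.5", "10.20.0.10", 3389),
             ("10.99.0.5", "198.51.100.7", 443), ("198.51.100.7", "10.20.0.10", 22),
             ("10.10.4.4", "10.99.0.5", 22), ("10.10.4.4", "93.184.216.34", 443)]
    for src, dst, port in flows:
        print(f"{src:>14} -> {dst:<14} :{port:<5} {evaluate(src, dst, port)}")
    risky = POLICY + [Rule("mgmt", "internet", frozenset({443}))]
    print(management_exposure(risky))
```

The same evaluation applies whether the enforcement point is an internal firewall or ACLs on the VLAN boundary; what matters is that the policy is an allow-list keyed on both the destination address and the port, so a compromised user workstation cannot open SSH or RDP to the management hosts at all.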

Segment trust boundaries

Worried about supply chain compromise of your management tools? Put the management servers behind default-deny firewall policies, then allow only the specific connections and ports that remote management needs, and only to the addresses of the systems being managed. A remote management system should have either Internet access or internal network access, never both at once, which makes it much harder for an Internet attacker to remote-control a server in your environment. The same rule applies to administrative interfaces: limit who can reach them with network rules.

Network traffic can be filtered wherever subnets of different trustworthiness connect to each other, such as wireless networks, remote access gateways, third-party connections, storage servers, Internet-of-Things devices, backup servers, developer systems, and user networks. Once again, apply least privilege and allow only the defined communication methods to the defined addresses.

Patch network infrastructure

The network devices and firewalls that enforce segmentation need to be patched in a timely manner too. Attackers will exploit bugs in them to break through, so keep those devices up to date.

Ransomware defense no. 3: data backup

Once ransomware takes hold of your systems, it is best to wipe everything and reload from scratch. Attackers know this and will seek out and corrupt backup systems as part of the attack. So, have complete, up-to-date backups, and protect them.

Use the 3-2-1 backup method

Use the 3-2-1 backup strategy: keep three copies of your data, on two different types of media, with one copy offsite. Remember to back up everything, including system images, application software, and configurations. You can then rebuild servers and workstations, preferably using automation for speed and ease.

Test your complete restore process

Restore testing should cover both completeness and speed. It is one thing to test-restore a few files and another to restore hundreds of terabytes; in many cases a complete restore takes days. If you back up online, for example to the cloud, check the bandwidth you will need and what it will cost: some cloud providers charge far more in transfer fees to download data out of their cloud than to upload it.

Use immutable backups

Most major cloud providers now offer immutable storage options, such as a software lock placed on an object when it is written (Amazon S3 Object Lock is one example). The lock can stay in place for weeks or months so that stored files cannot be altered or deleted. Check which kind of lock you are getting: a governance-style lock can be lifted by sufficiently privileged accounts, which is exactly what a ransomware operator holding stolen admin credentials will have, whereas a compliance-style lock cannot be shortened by anyone, including the account owner, until it expires. These locks both protect backups against ransomware and meet compliance and legal requirements for tamperproof logs.

Defense in depth

Ransomware is a growing threat to our critical systems. Fortunately, a defense in depth strategy can prevail.

Ultimately, though, there is no cut-and-dried checklist of which controls and defenses to use. It will vary with your organisation’s business, technological infrastructure, culture, and relevant threats. The key is analysing and understanding the threats you face and the assets you care about, then applying divergent but overlapping controls to remediate as much risk as you can. The good news is that a coordinated collection of useful but imperfect defenses is not only more effective than a single bulletproof control, it is a lot more attainable.

“STRONG ACCOUNT MANAGEMENT MEANS APPLYING THE PRINCIPLE OF LEAST PRIVILEGE. THE KEY PRIORITY IS TO LIMIT ADMINISTRATIVE ACCESS.”
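A restore test only proves something if you can tell whether what came back is complete and unmodified, and "attackers will corrupt backup systems" is only detectable if you have something to compare against. The following is an added example, not from the original article and not any backup product's code: at backup time it records a SHA-256 digest and size for every file, and after a test restore it reports what is missing, modified (which is what ransomware-encrypted or silently corrupted files look like) and unexpected. It assumes the manifest itself is kept with the offsite or immutable copy, since an attacker who can corrupt the backup could otherwise rewrite the manifest to match; the sample file tree is constructed in a temporary directory.

```python
"""Backup manifest and restore-completeness check.

Added example, not from the original article or any backup product.
Assumption: the manifest produced by build_manifest() is shipped with the
offsite/immutable copy, so a tampered backup cannot carry a matching manifest.
The sample tree in demo() is constructed in a temporary directory.
"""
from __future__ import annotations

import hashlib
import json
import shutil
import tempfile
from pathlib import Path

CHUNK = 1 << 20   # read files in 1 MiB pieces so large backups do not load into memory


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, dict]:
    """Map each file's path relative to root to its digest and size."""
    manifest: dict[str, dict] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return manifest


def verify_restore(root: Path, manifest: dict[str, dict]) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest written at backup time."""
    result: dict[str, list[str]] = {"missing": [], "modified": [], "unexpected": []}
    seen: set[str] = set()
    for p in sorted(root.rglob("*")):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        seen.add(rel)
        expected = manifest.get(rel)
        if expected is None:
            result["unexpected"].append(rel)
        elif p.stat().st_size != expected["size"] or sha256_file(p) != expected["sha256"]:
            result["modified"].append(rel)
    result["missing"] = sorted(set(manifest) - seen)
    return result


def demo() -> dict[str, dict[str, list[str]]]:
    """Build a constructed backup set and verify a clean and a tampered restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "src"
        (src / "etc").mkdir(parents=True)
        (src / "data").mkdir()
        (src / "etc" / "app.conf").write_text("listen=127.0.0.1:8080\n")
        (src / "data" / "db.sqlite").write_bytes(b"\x00" * 4096)
        (src / "data" / "report.csv").write_text("id,amount\n1,42\n")

        manifest = build_manifest(src)
        stored = json.loads(json.dumps(manifest))   # round-trip: this is what goes offsite

        clean = Path(tmp) / "restore_clean"
        shutil.copytree(src, clean)

        tampered = Path(tmp) / "restore_tampered"
        shutil.copytree(src, tampered)
        (tampered / "etc" / "app.conf").unlink()                        # file lost
        (tampered / "data" / "db.sqlite").write_bytes(b"\xff" * 4096)  # same size, encrypted-style rewrite
        (tampered / "data" / "evil.bin").write_bytes(b"MZ")            # not in the backup

        return {"clean": verify_restore(clean, stored),
                "tampered": verify_restore(tampered, stored)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The size comparison is only a cheap pre-check; the digest is what catches the same-size rewrite in the tampered case. Run verify_restore against the full restored volume, not a sample of files, and time it: that number, plus the download cost of the offsite copy, is the real restore figure the text asks you to measure.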

BEST OF NETAPP DELIVERED WITH THE BEST OF AWS

ANTHONY LYE, SVP & GM CLOUD DATA SERVICES AT NETAPP, DISCUSSES THE AMAZON FSX FOR NETAPP ONTAP SERVICE THAT MAKES IT EASY AND COST EFFECTIVE FOR BUSINESSES TO LAUNCH AND RUN SHARED STORAGE FOR WINDOWS AND LINUX WORKLOADS.

AWS have just announced the general availability of Amazon FSx for NetApp ONTAP, a native AWS managed service powered by NetApp ONTAP software and available around the world. This new AWS service makes it easy and cost effective for businesses to launch and run shared storage for Windows and Linux workloads, while offering NetApp’s suite of enterprise-grade data services—all running in an AWS native experience.

For NetApp, this moment represents the culmination of years of hard work and continuous innovation bringing ONTAP to the cloud. Long trusted in the data center, we’re now the first and only storage environment that is truly enabled for hybrid cloud and natively integrated into each of the major public cloud providers.

This innovative foundation enables IT operations to extend data centers and migrate enterprise applications like SAP, relational databases, and virtual machines to AWS. But that’s just the beginning. We’ve progressively added a wide range of new cloud data services to help you back up, replicate, protect, and cache data while maintaining compliance. We empower you to successfully navigate the challenges of managing hybrid cloud infrastructure.

To the thousands of existing customers who know and love ONTAP from their data centers, Amazon FSx for NetApp ONTAP directly offers the full set of ONTAP features and APIs—all available on day 1. Besides managing ONTAP natively from the AWS Management Console or accessing APIs through AWS SDKs and the AWS Command Line Interface (CLI), you can easily add your AWS infrastructure to your NetApp Cloud Insights dashboard and use NetApp Cloud Manager to orchestrate all your data and cloud services. And if you’re a customer of Spot by NetApp, you can immediately tap into the power of Spot Storage, continually optimising storage and compute resources to cost-effectively match application needs for virtual machines and containers. At the risk of hyperbole, this is a real game changer.

This tight integration of ONTAP into the infrastructure of AWS allows both born-in-the-cloud companies and stalwarts of industry to seamlessly use NetApp’s broader cloud portfolio. Any company—big or small, a department or a division, an integrator or an independent software vendor—can easily implement this technology. They’ll get NetApp’s powerful data services and applications combined with AWS-native APIs and rich services for launching, scaling, monitoring, and managing applications and workloads in AWS. Each of these services is designed to deliver immediate business value, whether in the form of cost efficiency, compliance, data protection, or performance.

There’s a reason AWS chose NetApp. ONTAP provides fully-featured and high-performance shared storage for file and block workloads. Integrated with a wide range of enterprise-proven capabilities, ONTAP is the most efficient, resilient, and highest-performing data management software in the world. We make it easier and faster to build rich experiences and to manage data sets so you can migrate and run primary applications, extend on-premises infrastructure to the cloud for disaster recovery, build dev/test environments, back up data, burst and cache, and set the stage for stateful applications to run in containerised applications.

Depending on your business needs, FSx for ONTAP offers several options for protecting your data. NetApp Cloud Backup (integrated with FSx for ONTAP backups) delivers cost-effective backup and restore capabilities for cloud and on-premises ONTAP data. You can drastically reduce backup times and instantly restore data from in-place zero-impact NetApp Snapshot™ copies if data loss, ransomware, or data inconsistency occurs. The NetApp SnapMirror® feature provides highly available and efficient replication of data copies, including support for multiple Availability Zones and cross-region disaster recovery to protect and test against site outages without disruption. The NetApp FlexClone® feature delivers fast, space-efficient copies and fully supports block-level “forever” replication.

For nearly a decade, NetApp and AWS engineers have worked together to create industry-leading cloud services. Hats off to all the teams who made this achievement possible. We are so excited to begin writing this new verse of innovation with AWS customers.

“TO THE THOUSANDS OF EXISTING CUSTOMERS WHO KNOW AND LOVE ONTAP FROM THEIR DATA CENTERS, AMAZON FSX FOR NETAPP ONTAP DIRECTLY OFFERS THE FULL SET OF ONTAP FEATURES AND APIS— ALL AVAILABLE ON DAY ONE.”

TO DETERMINE THE SCOPE AND IMPACT OF AN ATTACK, ORGANISATIONS FIRST NEED TO IDENTIFY THEIR HIGHEST PRIORITY ASSETS.

CAN ORGANISATIONS BE PREPARED FOR A CYBERATTACK?

HARISH CHIB, VICE-PRESIDENT MIDDLE EAST & AFRICA AT SOPHOS, ON HOW TO CREATE AN EFFECTIVE CYBERSECURITY INCIDENT RESPONSE PLAN.

Believe it or not, ransomware and other visible cyberattacks are the last sign that an adversary has breached an organisation’s network. By the time it is obvious that a business has been attacked, the cybercriminals have typically been lurking for days, if not months. The question is: if cyberattacks take a while to execute, can organisations be prepared and act in real time to minimise the damage?

The best way forward for businesses is to have a structured Incident Response Plan, so they can act as fast as possible when under an active attack.

Harish Chib

Sophos recommends the following 10 steps to create an effective cybersecurity incident response plan, based on the real-world experiences of its Sophos Managed Threat Response and Sophos Rapid Response teams, who have tens of thousands of hours of experience when it comes to dealing with cyberattacks.

10 STEPS TO CREATE AN EFFECTIVE CYBERSECURITY INCIDENT RESPONSE PLAN

1. Determine key stakeholders

Properly planning for a potential incident is not the sole responsibility of security teams. In fact, an incident will likely impact almost every department in an organisation, especially if the incident turns into a full-scale breach. To properly coordinate a response, organisations must first determine who should be involved. This often includes representation from senior management, security, IT, legal, and public relations.

2. Identify critical assets

Organisations first need to identify their highest priority assets. Mapping them out not only shapes the protection strategy but also makes it much easier to determine the scope and impact of an attack when one occurs.

3. Run tabletop exercises

Incident response is like many other disciplines: practice makes perfect. While it is difficult to fully replicate the intense pressure the teams will experience during a real breach, practice exercises ensure a more tightly coordinated and effective response when a real situation occurs. It is important to run not only technical tabletop exercises but also broader exercises that include the various business stakeholders previously identified.

4. Deploy protection tools

The best way to deal with an incident is to protect against it in the first place. Organisations should ensure they are using the appropriate endpoint, network, server, cloud, mobile, and email protection.

5. Ensure maximum visibility

Without the proper visibility into what is happening during an attack, organisations will struggle to respond appropriately. Before an attack occurs, IT and security teams should ensure they have the telemetry to establish the scope and impact of an attack, including where the adversary got in and where they have established persistence.

6. Implement access control

Attackers can leverage weak access control to infiltrate an organisation’s defenses and escalate privileges. Organisations should regularly verify that the access controls they rely on are actually in place and enforced, not just documented.

7. Invest in investigation tools

In addition to ensuring the necessary visibility, organisations should invest in tools that provide the necessary context during an investigation.

Some of the most common tools used for incident response are Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR), which allow organisations to hunt across their environment for indicators of compromise (IOCs) and indicators of attack (IOAs).

8. Establish response actions

Detecting an attack is only part of the process. To properly respond to an attack, IT and security teams need to ensure they can conduct a wide range of remedial actions to disrupt and neutralise an attacker.

9. Conduct awareness training

While no training program will ever be 100% effective against a determined adversary, education programs (e.g. phishing awareness) help reduce the risk level and limit the number of alerts security teams need to respond to.

10. Hire a managed security service

Many organisations are not equipped to handle incidents on their own. Swift and effective response requires experienced security operators. To ensure this, organisations should consider working with an outside resource such as a Managed Detection and Response (MDR) provider.

To sum up, when a cybersecurity incident strikes, time is of the essence. Having a well-prepared, well-understood response plan that all key parties can immediately put into action will dramatically reduce the impact of an attack on an organisation.
